1. Field of the Invention
This invention relates to computer network security, and more particularly preventing Web application threats.
2. Description of Related Art
Recent, well publicized, security breaches have highlighted the need for improved security techniques to protect consumer privacy and secure digital assets. Examples of organizational victims of cybercrime include well known companies that typically have traditional Web security in place, yet cyber criminals have still been able to obtain personal data from financial, healthcare, retail, and academic Web sites. Organizations that have publicly confirmed exposure of client or customer information put the figure at over 500,000 people who were victims of cybercrime in 2005, and those are the organizations that have publicly confirmed a security breach. It is highly likely that more organizations were also impacted, but did not reported it, and more troubling yet, other organizations may have had information leakage but are completely unaware of the situation.
Organizations can not afford negative brand image, credibility damage, legal consequences, or customers losses. In one example, in June 2005 MasterCard and Visa reported that a third party processor, CardSystems, had exposed credit card transaction records of approximately 40 million people that included names, card numbers and security codes. The CardSystems situation is an unfortunate example of how a single security breach can materially impact a business, yet it is also a wake up call for anyone doing business online.
The disclosure of some of these Web security breaches has led law enforcement to determine, after careful investigation, that cybercrime is being driven by organized crime. This is very different than the bright kid-next-door trying to break into a system to prove bragging rights. Targeted rings of well educated and sophisticated hackers have been uncovered, often in countries where prosecuting them is a challenge. Contributing to the increase in cybercrime is the ease with which these organized cyber criminals can target, and hack, a Web application from anywhere in the world with simple Internet access.
Properly securing Web applications and the data behind them is a critical component to doing business on the Web. Often, some of the most valuable organizational data is served through a Web browser making it more important than ever to safeguard this information from cybercriminals.
Thus, there is a need for improved systems and techniques to protect Web applications from security breaches.